github.com/ethereum-optimism/optimism@v1.7.2/op-node/p2p/gating/expiry_test.go (about) 1 package gating 2 3 import ( 4 "net" 5 "testing" 6 "time" 7 8 "github.com/ethereum-optimism/optimism/op-node/p2p/store" 9 10 "github.com/ethereum-optimism/optimism/op-node/metrics" 11 "github.com/ethereum-optimism/optimism/op-node/p2p/gating/mocks" 12 "github.com/ethereum-optimism/optimism/op-service/clock" 13 "github.com/ethereum-optimism/optimism/op-service/testlog" 14 log "github.com/ethereum/go-ethereum/log" 15 "github.com/libp2p/go-libp2p/core/network" 16 "github.com/libp2p/go-libp2p/core/peer" 17 "github.com/multiformats/go-multiaddr" 18 "github.com/stretchr/testify/require" 19 ) 20 21 func expiryTestSetup(t *testing.T) (*clock.DeterministicClock, *mocks.ExpiryStore, *mocks.BlockingConnectionGater, *ExpiryConnectionGater) { 22 mockGater := mocks.NewBlockingConnectionGater(t) 23 log := testlog.Logger(t, log.LevelError) 24 cl := clock.NewDeterministicClock(time.Now()) 25 mockExpiryStore := mocks.NewExpiryStore(t) 26 gater := AddBanExpiry(mockGater, mockExpiryStore, log, cl, metrics.NoopMetrics) 27 return cl, mockExpiryStore, mockGater, gater 28 } 29 30 func TestExpiryConnectionGater_InterceptPeerDial(t *testing.T) { 31 mallory := peer.ID("malllory") 32 t.Run("expired peer ban", func(t *testing.T) { 33 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 34 mockGater.EXPECT().InterceptPeerDial(mallory).Return(true) 35 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(-time.Second), nil) 36 mockExpiryStore.EXPECT().SetPeerBanExpiration(mallory, time.Time{}).Return(nil) 37 allow := gater.InterceptPeerDial(mallory) 38 require.True(t, allow) 39 }) 40 t.Run("active peer ban", func(t *testing.T) { 41 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 42 mockGater.EXPECT().InterceptPeerDial(mallory).Return(true) 43 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(time.Second), nil) 44 allow := gater.InterceptPeerDial(mallory) 45 require.False(t, allow) 46 }) 47 t.Run("unknown expiring ban", func(t *testing.T) { 48 _, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 49 mockGater.EXPECT().InterceptPeerDial(mallory).Return(true) 50 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(time.Time{}, store.UnknownBanErr) 51 allow := gater.InterceptPeerDial(mallory) 52 require.True(t, allow) 53 }) 54 t.Run("inner ban", func(t *testing.T) { 55 _, _, mockGater, gater := expiryTestSetup(t) 56 mockGater.EXPECT().InterceptPeerDial(mallory).Return(false) 57 allow := gater.InterceptPeerDial(mallory) 58 require.False(t, allow) 59 }) 60 } 61 62 func TestExpiryConnectionGater_InterceptAddrDial(t *testing.T) { 63 ip := net.IPv4(1, 2, 3, 4) 64 mallory := peer.ID("7y9Qv7mG2h6fnzcDkeqVsEvW2rU9PdybSZ8y1dCrB9p") 65 addr, err := multiaddr.NewMultiaddr("/ip4/1.2.3.4/tcp/9000") 66 require.NoError(t, err) 67 68 t.Run("expired IP ban", func(t *testing.T) { 69 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 70 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 71 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(time.Time{}, store.UnknownBanErr) 72 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(-time.Second), nil) 73 mockExpiryStore.EXPECT().SetIPBanExpiration(ip.To4(), time.Time{}).Return(nil) 74 allow := gater.InterceptAddrDial(mallory, addr) 75 require.True(t, allow) 76 }) 77 t.Run("active IP ban", func(t *testing.T) { 78 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 79 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 80 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(time.Time{}, store.UnknownBanErr) 81 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(time.Second), nil) 82 allow := gater.InterceptAddrDial(mallory, addr) 83 require.False(t, allow) 84 }) 85 t.Run("unknown IP ban expiry", func(t *testing.T) { 86 _, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 87 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 88 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(time.Time{}, store.UnknownBanErr) 89 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(time.Time{}, store.UnknownBanErr) 90 allow := gater.InterceptAddrDial(mallory, addr) 91 require.True(t, allow) 92 }) 93 t.Run("inner ban", func(t *testing.T) { 94 _, _, mockGater, gater := expiryTestSetup(t) 95 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(false) 96 allow := gater.InterceptAddrDial(mallory, addr) 97 require.False(t, allow) 98 }) 99 100 t.Run("expired peer ban but active ip ban", func(t *testing.T) { 101 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 102 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 103 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(-time.Second), nil) 104 mockExpiryStore.EXPECT().SetPeerBanExpiration(mallory, time.Time{}).Return(nil) 105 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(time.Second), nil) 106 allow := gater.InterceptAddrDial(mallory, addr) 107 require.False(t, allow) 108 }) 109 t.Run("active peer ban", func(t *testing.T) { 110 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 111 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 112 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(time.Second), nil) 113 allow := gater.InterceptAddrDial(mallory, addr) 114 require.False(t, allow) 115 }) 116 t.Run("expired peer ban and expired ip ban", func(t *testing.T) { 117 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 118 mockGater.EXPECT().InterceptAddrDial(mallory, addr).Return(true) 119 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(-time.Second), nil) 120 mockExpiryStore.EXPECT().SetPeerBanExpiration(mallory, time.Time{}).Return(nil) 121 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(-time.Second), nil) 122 mockExpiryStore.EXPECT().SetIPBanExpiration(ip.To4(), time.Time{}).Return(nil) 123 124 allow := gater.InterceptAddrDial(mallory, addr) 125 require.True(t, allow) 126 }) 127 } 128 129 type localRemoteAddrs struct { 130 local multiaddr.Multiaddr 131 remote multiaddr.Multiaddr 132 } 133 134 func (l localRemoteAddrs) LocalMultiaddr() multiaddr.Multiaddr { 135 return l.local 136 } 137 138 func (l localRemoteAddrs) RemoteMultiaddr() multiaddr.Multiaddr { 139 return l.remote 140 } 141 142 var _ network.ConnMultiaddrs = localRemoteAddrs{} 143 144 func TestExpiryConnectionGater_InterceptAccept(t *testing.T) { 145 ip := net.IPv4(1, 2, 3, 4) 146 addr, err := multiaddr.NewMultiaddr("/ip4/1.2.3.4/tcp/9000") 147 require.NoError(t, err) 148 mas := localRemoteAddrs{remote: addr} 149 150 t.Run("expired IP ban", func(t *testing.T) { 151 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 152 mockGater.EXPECT().InterceptAccept(mas).Return(true) 153 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(-time.Second), nil) 154 mockExpiryStore.EXPECT().SetIPBanExpiration(ip.To4(), time.Time{}).Return(nil) 155 allow := gater.InterceptAccept(mas) 156 require.True(t, allow) 157 }) 158 t.Run("active IP ban", func(t *testing.T) { 159 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 160 mockGater.EXPECT().InterceptAccept(mas).Return(true) 161 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(cl.Now().Add(time.Second), nil) 162 allow := gater.InterceptAccept(mas) 163 require.False(t, allow) 164 }) 165 t.Run("unknown expiry", func(t *testing.T) { 166 _, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 167 mockGater.EXPECT().InterceptAccept(mas).Return(true) 168 mockExpiryStore.EXPECT().GetIPBanExpiration(ip.To4()).Return(time.Time{}, store.UnknownBanErr) 169 allow := gater.InterceptAccept(mas) 170 require.True(t, allow) 171 }) 172 t.Run("inner ban", func(t *testing.T) { 173 _, _, mockGater, gater := expiryTestSetup(t) 174 mockGater.EXPECT().InterceptAccept(mas).Return(false) 175 allow := gater.InterceptAccept(mas) 176 require.False(t, allow) 177 }) 178 } 179 180 func TestExpiryConnectionGater_InterceptSecured(t *testing.T) { 181 mallory := peer.ID("7y9Qv7mG2h6fnzcDkeqVsEvW2rU9PdybSZ8y1dCrB9p") 182 addr, err := multiaddr.NewMultiaddr("/ip4/1.2.3.4/tcp/9000") 183 require.NoError(t, err) 184 mas := localRemoteAddrs{remote: addr} 185 186 t.Run("expired peer ban", func(t *testing.T) { 187 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 188 mockGater.EXPECT().InterceptSecured(network.DirInbound, mallory, mas).Return(true) 189 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(-time.Second), nil) 190 mockExpiryStore.EXPECT().SetPeerBanExpiration(mallory, time.Time{}).Return(nil) 191 allow := gater.InterceptSecured(network.DirInbound, mallory, mas) 192 require.True(t, allow) 193 }) 194 t.Run("active peer ban", func(t *testing.T) { 195 cl, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 196 mockGater.EXPECT().InterceptSecured(network.DirInbound, mallory, mas).Return(true) 197 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(cl.Now().Add(time.Second), nil) 198 allow := gater.InterceptSecured(network.DirInbound, mallory, mas) 199 require.False(t, allow) 200 }) 201 t.Run("unknown expiry", func(t *testing.T) { 202 _, mockExpiryStore, mockGater, gater := expiryTestSetup(t) 203 mockGater.EXPECT().InterceptSecured(network.DirInbound, mallory, mas).Return(true) 204 mockExpiryStore.EXPECT().GetPeerBanExpiration(mallory).Return(time.Time{}, store.UnknownBanErr) 205 allow := gater.InterceptSecured(network.DirInbound, mallory, mas) 206 require.True(t, allow) 207 }) 208 t.Run("inner ban", func(t *testing.T) { 209 _, _, mockGater, gater := expiryTestSetup(t) 210 mockGater.EXPECT().InterceptSecured(network.DirInbound, mallory, mas).Return(false) 211 allow := gater.InterceptSecured(network.DirInbound, mallory, mas) 212 require.False(t, allow) 213 }) 214 t.Run("accept outbound", func(t *testing.T) { 215 _, _, _, gater := expiryTestSetup(t) 216 allow := gater.InterceptSecured(network.DirOutbound, mallory, mas) 217 require.True(t, allow) 218 }) 219 }